openssl is a great tool to determine whether a server is misconfigured does an unintentional downgrade to weak ciphers.
e.g. openssl s_client -connect pops.mydom.com:995 -cipher EXPORT will either fail or find one. However, it would be great to allow openssl diagnostically to discover the entire cipher-list a server accepts, i.e. it would iterate through all its ciphers and attempt to perform a handshake and only print out the ciphers where that succeeded. Or is that rather a task for nmap? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]